Dell EMC Unity:How to add LDAP Users/Groups, for Unity Authentication, over GUI (User Correctable)
Resumen: This Knowledge Base Article is to explain how to use Unisphere to configure LDAP Users or Groups, for authentication on a Dell EMC Unity Array.
Instrucciones
Once the LDAP / LDAPS configuration is completed, you can setup Users or Groups to log in to Unisphere and the CLI with an LDAP account .
To configure Users and Groups over CLI use KB Article Number 000523630.
To configure Users and Groups over GUI follow the below steps:
1. Determine the User Search Path and Group Search Path
The User Search Path is where Dell EMC Unity will look for the user login that will be used for authentication. We can get this information from Relative Distinguished Name of the User. To determine the path, pick any known user who is supposed to use LDAP authentication on the Dell EMC Unity system and run the command dsquery on Active Directory:
For example, the user name is "Kevin Peterson"
C:\Users\ABC>dsquery user -name "Kevin Peterson"
"CN=Kevin Peterson,OU=TestUsers,DC=ourteam,DC=com"
The User Search Path here that you need to note is: OU=TestUsers,DC=MyDomain,DC=com
For Group Search Path, a similar method can be used. This is the place the group will be looked for:
C:\Users\ABC>dsquery group -name "Unity_Admins"
"CN=Unity_Admins,OU=TestGroups,DC=ourteam,DC=com"
The path name for group container is : OU=TestGroups,DC=ourteam,DC=com
Note: If you want to use users or groups from two different OUs, you can set the outer OU path if the OUs are nested or else you can set only the DC part of the path.
Setting DC part only (DC=ourteam,DC=com in above example) as the Search path will make Dell EMC Unity search in all OUs in the Domain Controller.
2. Configure the User Search Path and Group Search Path
Once the Organizational Path for the User accounts or the group is located, go to the Dell EMC Unity GUI and select the Settings icon, and then select Users and Groups > Directory Services > Advanced.
Configure the User Search Path and Group Search Path using information from Step 1, as displayed below:
You can leave other information here to defaults or change as required.
The default values are:
User ID Attribute = sAMAccountName
User Object Class = user
Group Member Attribute = member
Group Name Attribute = cn
Group Object Class = group
Apply the settings.
3. Add the new User or Group to the Unisphere Configuration:
Go to User Management (under Settings icon > Users and Groups).
Click on Add a new User (+ sign).
Choose LDAP User if you want to to add a single LDAP User Account, or LDAP Group if you want to add an existing LDAP Group.
Enter the name of the LDAP User Account ID (sAMAccountName attribute of the User) or the LDAP Group name:
Once the LDAP User or Group is entered, as shown above, select "Next".
The next Screen will ask to specify a Role for the new User / Group that is added to the configuration:
Select the "Next" button. Once you are in the Summary section, ensure that the details entered are correct, and select "Finish" to complete the Setup.
Once the above steps are completed, you will be able to use your LDAP user accounts to access the Dell EMC Unity Array.
Please note that the best practice is to use Group Names with no special characters and with fewer than 32 characters.
Información adicional
| Notes: 1. When using LDAP users for CLI authentication use domain.com/username in the command. See below example: SystemName spa:~> uemcli -u ourteam.com/Nadeem -p Password1234# /user/account show Storage system address: 127.0.0.1 Storage system port: 443 HTTPS connection 1: ID = user_admin Name = admin Role = administrator Type = local 2: ID = ldap_ourteam.com_USER_Nadeem Name = ourteam.com/Nadeem Role = administrator Type = ldapuser 2. When logging into the Dell EMC Unity Unisphere using the LDAP configuration, the userPrincipalName of the account needs to be used. The correct Structure will be the following: username@domain.com or domain.com\username For example for the User Nadeem that was used as an example above, the correct structure will be the following: Nadeem@ourteam.com or ourteam.com\Nadeem  |